I have a test that creates a user in LDAP with /bin/bash, and I then modify the LDAP attributes to /bin/noshell, but the results from getent and ldapsearch are inconsistent for the shell.
This user does not exist in /etc/passwd.

Have you tried to clear the nscd cache with nscd -i passwd?
– Sven♦ Mar 8 '13 at 23:35

It would be good to mention your initial question to avoid duplication of effort. (@SvenW: yes, they did)
– Andrew B Mar 8 '13 at 23:50

Your other question mentions that the problem seemed to temporarily clear up but was not permanently resolved by clearing the nscd cache. By any chance do you have multiple LDAP servers defined, and have you made sure that the data is in sync between them?
– Andrew B Mar 8 '13 at 23:55

1 Answer
1

The nss-pam-ldapd package allows LDAP directory servers to be used as a primary source of name service information. When I would run 'getent passwd', I would only see the users from the /etc/passwd file. When I started the /etc/init.d/nslcd service and then issued the 'getent passwd' command, I then saw all LDAP users and system users and the shells were synced.

The service did not start when I installed the nss-pam-ldapd package; I manually started it, and now everything works like a charm.
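
An added example, not part of the original question or answer: a small script that compares the shell NSS returns with the loginShell stored in the directory and points at the causes raised in this thread (nslcd not running, ldap missing from nsswitch.conf, stale nscd cache, unsynced replica). The function names are hypothetical, the sample records are constructed, and the live check assumes ldapsearch picks up its server URI and search base from ldap.conf.

```shell
#!/bin/sh
# Added example: compare the login shell NSS reports with the one stored in LDAP.
# Function names are hypothetical; the sample records below are constructed.
SAMPLE_PASSWD='testuser:x:5001:5001:Test User:/home/testuser:/bin/bash'
SAMPLE_LDIF='dn: uid=testuser,ou=People,dc=example,dc=com
loginShell: /bin/noshell'

# Field 7 (login shell) of a passwd(5)-format line such as getent prints.
passwd_shell() {
    printf '%s\n' "$1" | awk -F: 'NR == 1 { print $7 }'
}

# Value of the first plain-text loginShell attribute in LDIF output.
ldif_shell() {
    printf '%s\n' "$1" | awk '$1 == "loginShell:" { print $2; exit }'
}

# Succeeds if the passwd line of the given nsswitch.conf lists the ldap source.
nss_uses_ldap() {
    awk '$1 == "passwd:" { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
         END { exit (found ? 0 : 1) }' "$1"
}

# Returns 0 if both views agree, 1 on a mismatch, 2 if NSS has no entry.
compare_shells() {
    nss=$(passwd_shell "$1")
    ldap=$(ldif_shell "$2")
    if [ -z "$nss" ]; then
        echo "NSS returned no entry: is nslcd running and ldap in nsswitch.conf?"
        return 2
    elif [ "$nss" != "$ldap" ]; then
        echo "MISMATCH nss=$nss ldap=$ldap: stale nscd cache or unsynced replica?"
        return 1
    fi
    echo "OK shell=$nss"
}

# Live check for one user; assumes ldapsearch gets its URI and base from ldap.conf.
check_user() {
    pgrep -x nslcd >/dev/null || echo "warning: nslcd is not running"
    nss_uses_ldap /etc/nsswitch.conf || echo "warning: passwd does not use ldap"
    compare_shells "$(getent passwd "$1")" \
        "$(ldapsearch -x -LLL "(uid=$1)" loginShell)"
}
```

Calling `check_user testuser` on the affected client runs the comparison against the live system; nothing is executed until that function is called.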